Examples of IPatternLogger


Examples of org.ejbca.util.IPatternLogger

      password = gen.getNewPassword(15, 20);
      log.debug("Using a long random password");
    }
    // get and old status that we can remember so we can reset status if this fails in the last step
    int olduserStatus = UserDataConstants.STATUS_GENERATED;
        final IPatternLogger logger = TransactionLogger.getPatternLogger();
        logAdminName(admin,logger);
        try {
       UserDataVO user = userAdminSession.findUser(admin, username);
      // See if this user already exists.
      // We allow renewal of certificates for IS's that are not revoked
      // In that case look for it's last old certificate and try to authenticate the request using an outer signature.
      // If this verification is correct, set status to NEW and continue process the request.
      if (user != null) {
        olduserStatus = user.getStatus();
        // If user is revoked, we can not proceed
        if ( (olduserStatus == UserDataConstants.STATUS_REVOKED) || (olduserStatus == UserDataConstants.STATUS_HISTORICAL) ) {
          throw new AuthorizationDeniedException("User '"+username+"' is revoked.");
        }
        CVCObject parsedObject = CertificateParser.parseCVCObject(Base64.decode(cvcreq.getBytes()));
        if (parsedObject instanceof CVCAuthenticatedRequest) {
          log.debug("Received an authenticated request, could be an initial DV request signed by CVCA or a renewal for DV or IS.");
          CVCAuthenticatedRequest authreq = (CVCAuthenticatedRequest)parsedObject;
          CVCPublicKey cvcKey = authreq.getRequest().getCertificateBody().getPublicKey();
          String algorithm = AlgorithmUtil.getAlgorithmName(cvcKey.getObjectIdentifier());
          log.debug("Received request has a public key with algorithm: "+algorithm);
          HolderReferenceField holderRef = authreq.getRequest().getCertificateBody().getHolderReference();
          CAReferenceField caRef = authreq.getAuthorityReference();

          // Check to see that the inner signature does not also verify using an old certificate
          // because that means the same keys were used, and that is not allowed according to the EU policy
          // This must be done whether it is signed by CVCA or a renewal request
          Collection<java.security.cert.Certificate> oldcerts = certificateStoreSession.findCertificatesByUsername(admin, username);
          if (oldcerts != null) {
            log.debug("Found "+oldcerts.size()+" old certificates for user "+username);
            Iterator<java.security.cert.Certificate> iterator = oldcerts.iterator();
            while (iterator.hasNext()) {
              java.security.cert.Certificate cert = iterator.next();
              PublicKey pk = getCVPublicKey(admin, cert);
              CVCertificate innerreq = authreq.getRequest();
              checkInnerCollision(pk, innerreq, holderRef.getConcatenated()); // Throws AuthorizationDeniedException
            }
          }

          boolean verifiedOuter = false; // So we can throw an error if we could not verify
          if (StringUtils.equals(holderRef.getMnemonic(), caRef.getMnemonic()) && StringUtils.equals(holderRef.getCountry(), caRef.getCountry())) {
            log.debug("Authenticated request is self signed, we will try to verify it using user's old certificate.");
            Collection<java.security.cert.Certificate> certs = certificateStoreSession.findCertificatesByUsername(admin, username);
            // certs contains certificates ordered with last expire date first. Last expire date should be last issued cert
            // We have to iterate over available user certificates, because we don't know which on signed the old one
            // and cv certificates have very coarse grained validity periods so we can't really know which one is the latest one
            // if 2 certificates are issued the same day.
            if (certs != null) {
              log.debug("Found "+certs.size()+" old certificates for user "+username);
              Iterator<java.security.cert.Certificate> iterator = certs.iterator();
              while (iterator.hasNext()) {
                java.security.cert.Certificate cert = iterator.next();
                try {
                  // Only allow renewal if the old certificate is valid
                  PublicKey pk = getCVPublicKey(admin, cert);
                  if (log.isDebugEnabled()) {
                    log.debug("Trying to verify the outer signature with an old certificate, fp: "+CertTools.getFingerprintAsString(cert));                   
                  }
                  authreq.verify(pk);
                  log.debug("Verified outer signature");
                  // Yes we did it, we can move on to the next step because the outer signature was actually created with some old certificate
                  verifiedOuter = true;
                  if (ejbhelper.checkValidityAndSetUserPassword(admin, cert, username, password)) {
                    // If we managed to verify the certificate we will break out of the loop                 
                    break;
                  }
                 
                  // If verification of outer signature fails because the signature is invalid we will break and deny the request...with a message
                } catch (InvalidKeyException e) {
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  log.warn(msg, e);
                } catch (CertificateExpiredException e) { // thrown by checkValidityAndSetUserPassword
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  // Only log this with DEBUG since it will be a common case that happens, nothing that should cause any alerts
                  log.debug(msg);
                  // This exception we want to throw on, because we want to give this error if there was a certificate suitable for
                  // verification, but it had expired. This is thrown by checkValidityAndSetUserPassword after the request has already been
                  // verified using the public key of the certificate.
                  throw e;
                } catch (CertificateException e) {
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  log.warn(msg, e);
                } catch (NoSuchAlgorithmException e) {
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  log.info(msg, e);
                } catch (NoSuchProviderException e) {
                  String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                  log.warn(msg, e);
                } catch (SignatureException e) {
                  // Failing to verify the outer signature will be normal, since we must try all old certificates
                  if (log.isDebugEnabled()) {
                    String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                    log.debug(msg);                 
                  }
                }
              } // while (iterator.hasNext()) {
              // if verification failed because the old cert was not yet valid, continue processing as usual, using the sent in username/password hoping the
              // status is NEW and password is correct. If old certificate was expired a CertificateExpiredException is thrown above.

            } // if (certs != null) {
           
            // If there are no old certificate, continue processing as usual, using the sent in username/password hoping the
            // status is NEW and password is correct.
          } else { // if (StringUtils.equals(holderRef, caRef))
            // Subject and issuerDN is CN=Mnemonic,C=Country
            String dn = "CN="+caRef.getMnemonic()+",C="+caRef.getCountry();
            log.debug("Authenticated request is not self signed, we will try to verify it using a CVCA certificate: "+dn);
            CAInfo info = caAdminSession.getCAInfoOrThrowException(admin, CertTools.stringToBCDNString(dn).hashCode());
            if (info != null) {
              Collection<java.security.cert.Certificate> certs = info.getCertificateChain();
              if (certs != null) {
                log.debug("Found "+certs.size()+" certificates in chain for CA with DN: "+dn);             
                Iterator<java.security.cert.Certificate> iterator = certs.iterator();
                if (iterator.hasNext()) {
                  // The CA certificate is first in chain
                  java.security.cert.Certificate cert = iterator.next();
                  if (log.isDebugEnabled()) {
                    log.debug("Trying to verify the outer signature with a CVCA certificate, fp: "+CertTools.getFingerprintAsString(cert));                   
                  }
                  try {
                    // The CVCA certificate always contains the full key parameters, no need to du any EC curve parameter magic here
                    authreq.verify(cert.getPublicKey());
                    log.debug("Verified outer signature");
                    verifiedOuter = true;
                    // Yes we did it, we can move on to the next step because the outer signature was actually created with some old certificate
                    if (!ejbhelper.checkValidityAndSetUserPassword(admin, cert, username, password)) {
                      // If the CA certificate was not valid, we are not happy                 
                      String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), "CA certificate not valid for CA: "+info.getCAId());             
                      log.info(msg);
                      throw new AuthorizationDeniedException(msg);
                    }             
                  } catch (InvalidKeyException e) {
                    String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                    log.warn(msg, e);
                  } catch (CertificateException e) {
                    String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                    log.warn(msg, e);
                  } catch (NoSuchAlgorithmException e) {
                    String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                    log.warn(msg, e);
                  } catch (NoSuchProviderException e) {
                    String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                    log.warn(msg, e);
                  } catch (SignatureException e) {
                    String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), e.getMessage());             
                    log.warn(msg, e);
                  }             
                }               
              } else {
                log.info("No CA certificate found to authenticate request: "+dn);
              }
            } else {
              log.info("No CA found to authenticate request: "+dn);
            }
          }
          // if verification failed because we could not verify the outer signature at all it is an error
          if (!verifiedOuter) {
            String msg = intres.getLocalizedMessage("cvc.error.outersignature", holderRef.getConcatenated(), "No certificate found that could authenticate request");             
            log.info(msg);
            throw new AuthorizationDeniedException(msg);
          }
        } // if (parsedObject instanceof CVCAuthenticatedRequest)
        // If it is not an authenticated request, with an outer signature, continue processing as usual,
        // using the sent in username/password hoping the status is NEW and password is correct.
      } else {
        // If there are no old user, continue processing as usual... it will fail
        log.debug("No existing user with username: "+username);
      }
     
      // Finally generate the certificate (assuming status is NEW and password is correct
      byte[] response = processCertReq(username, password, cvcreq, REQTYPE_CVC, null, CertificateHelper.RESPONSETYPE_CERTIFICATE, logger);
      CertificateResponse ret = new CertificateResponse(CertificateHelper.RESPONSETYPE_CERTIFICATE, response);
      byte[] b64cert = ret.getData();
      CVCertificate certObject = CertificateParser.parseCertificate(Base64.decode(b64cert));
      java.security.cert.Certificate iscert = new CardVerifiableCertificate(certObject);
      ArrayList<Certificate> retval = new ArrayList<Certificate>();
      retval.add(new Certificate((java.security.cert.Certificate)iscert));
      // Get the certificate chain
      if (user != null) {
        int caid = user.getCAId();
        caAdminSession.verifyExistenceOfCA(caid);
        Collection<java.security.cert.Certificate> certs = signSession.getCertificateChain(admin, caid);
        Iterator<java.security.cert.Certificate> iter = certs.iterator();
        while (iter.hasNext()) {
          java.security.cert.Certificate cert = iter.next();
          retval.add(new Certificate(cert));
        }
      }
      log.trace("<cvcRequest");
      return retval;
    } catch (EjbcaException e) {
      // Have this first, if processReq throws an EjbcaException we want to reset status
      ejbhelper.resetUserPasswordAndStatus(admin, username, olduserStatus);
        throw e;
    } catch (ServiceLocatorException e) {
      ejbhelper.resetUserPasswordAndStatus(admin, username, olduserStatus);
        throw EjbcaWSHelper.getInternalException(e, logger);
    } catch (FinderException e) {
      ejbhelper.resetUserPasswordAndStatus(admin, username, olduserStatus);
        throw EjbcaWSHelper.getInternalException(e, logger);
    } catch (ParseException e) {
      ejbhelper.resetUserPasswordAndStatus(admin, username, olduserStatus);
        throw EjbcaWSHelper.getInternalException(e, logger);
    } catch (ConstructionException e) {
      ejbhelper.resetUserPasswordAndStatus(admin, username, olduserStatus);
        throw EjbcaWSHelper.getInternalException(e, logger);
    } catch (NoSuchFieldException e) {
      ejbhelper.resetUserPasswordAndStatus(admin, username, olduserStatus);
        throw EjbcaWSHelper.getInternalException(e, logger);
    } catch (CertificateEncodingException e) {
      ejbhelper.resetUserPasswordAndStatus(admin, username, olduserStatus);
        throw EjbcaWSHelper.getInternalException(e, logger);
        } catch (RuntimeException e) {  // EJBException, ...
      ejbhelper.resetUserPasswordAndStatus(admin, username, olduserStatus);
            throw EjbcaWSHelper.getInternalException(e, logger);
        } finally {
            logger.writeln();
            logger.flush();
        }
  } // cvcRequest

Examples of org.ejbca.util.IPatternLogger

  /**
   * Processes a PKCS#10 certificate request by handing it to {@code processCertReq}
   * with request type {@code REQTYPE_PKCS10} and wrapping the returned bytes in a
   * {@code CertificateResponse} of the requested response type.
   *
   * <p>The pattern logger obtained at entry is always written and flushed in the
   * {@code finally} block. For the three checked failures caught here, the exception
   * text is stored under {@code TransactionTags.ERROR_MESSAGE} before the exception is
   * rethrown unchanged; a {@code RuntimeException} is converted through
   * {@code EjbcaWSHelper.getInternalException}.
   *
   * @see org.ejbca.core.protocol.ws.common.IEjbcaWS#pkcs10Request(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
   */
  public CertificateResponse pkcs10Request(String username, String password, String pkcs10, String hardTokenSN, String responseType)
  throws CADoesntExistsException, AuthorizationDeniedException, NotFoundException, EjbcaException {
    final IPatternLogger logger = TransactionLogger.getPatternLogger();
    try {
      if (log.isDebugEnabled()) {
        // NOTE(review): username is caller-supplied and is concatenated into the log line
        // as received; line-break neutralisation, if any, has to come from the logging
        // layout. The password is not logged.
        final String debugMsg = "PKCS10 from user '"+username+"'.";
        log.debug(debugMsg);
      }
      // Credential checking is not visible in this method; presumably processCertReq
      // authenticates username/password before issuing. Verify there.
      final byte[] encoded = processCertReq(username, password, pkcs10, REQTYPE_PKCS10, hardTokenSN, responseType, logger);
      return new CertificateResponse(responseType, encoded);
    } catch (CADoesntExistsException caMissing) {
      logger.paramPut(TransactionTags.ERROR_MESSAGE.toString(), caMissing.toString());
      throw caMissing;
    } catch (AuthorizationDeniedException denied) {
      logger.paramPut(TransactionTags.ERROR_MESSAGE.toString(), denied.toString());
      throw denied;
    } catch (NotFoundException notFound) {
      logger.paramPut(TransactionTags.ERROR_MESSAGE.toString(), notFound.toString());
      throw notFound;
    } catch (RuntimeException unexpected) {  // EJBException, ...
      throw EjbcaWSHelper.getInternalException(unexpected, logger);
    } finally {
      // One transaction-log line per call, on success and on failure alike.
      logger.writeln();
      logger.flush();
    }
  }

Examples of org.ejbca.util.IPatternLogger

   * @see org.ejbca.core.protocol.ws.common.IEjbcaWS#pkcs12Req(java.lang.String, java.lang.String, java.lang.String, java.lang.String, java.lang.String)
   */
  // Generates (or key-recovers) a PKCS#12 soft token for an existing user and returns it
  // wrapped in the web-service KeyStore type, protected with the supplied password.
  //
  // Checks made in this method, in order: the user must exist, the user's CA must exist,
  // the caller must hold the CA rule (CAPREFIX + caid) and REGULAR_CREATECERTIFICATE, and
  // the user's token type must be TOKEN_SOFT_P12. The username/password pair is passed to
  // GenerateToken.generateOrKeyRecoverToken; this method does not verify it itself.
  //
  // NOTE(review): findUser runs before the authorization checks, so a caller that gets
  // past getAdmin() sees NotFoundException for unknown usernames and an authorization
  // failure for known ones, unless findUser enforces its own authorization - confirm.
  public KeyStore pkcs12Req(String username, String password, String hardTokenSN, String keyspec, String keyalg)
    throws CADoesntExistsException, AuthorizationDeniedException, NotFoundException, EjbcaException {
   
        final IPatternLogger logger = TransactionLogger.getPatternLogger();
        try{
        EjbcaWSHelper ejbhelper = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession);
        // The calling administrator is resolved by the helper and recorded in the transaction log.
        Admin admin = ejbhelper.getAdmin();
              logAdminName(admin,logger);

        // check CAID
        UserDataVO userdata = userAdminSession.findUser(admin,username);
        if(userdata == null){
          String msg = intres.getLocalizedMessage("ra.errorentitynotexist", username);             
          throw new NotFoundException(msg);
        }
        int caid = userdata.getCAId();
        caAdminSession.verifyExistenceOfCA(caid);
        // Caller must be authorized to the user's CA ...
        if(!authorizationSession.isAuthorized(admin, AccessRulesConstants.CAPREFIX +caid)) {
            Authorizer.throwAuthorizationException(admin, AccessRulesConstants.CAPREFIX +caid, null);
        }

        // ... and must hold the general create-certificate rule.
        if(!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.REGULAR_CREATECERTIFICATE)) {
            Authorizer.throwAuthorizationException(admin, AccessRulesConstants.REGULAR_CREATECERTIFICATE, null);
        }
       
        // Check tokentype
        if(userdata.getTokenType() != SecConst.TOKEN_SOFT_P12){
                  throw EjbcaWSHelper.getEjbcaException("Error: Wrong Token Type of user, must be 'P12' for PKCS12 requests", logger, ErrorCode.BAD_USER_TOKEN_TYPE, null);
        }

        // Key recovery flags. savekeys: archive the newly generated keys (user is key-recoverable,
        // recovery is enabled globally, and the user is not currently in STATUS_KEYRECOVERY).
        // loadkeys: the user is in STATUS_KEYRECOVERY and recovery is enabled, so the token
        // generator is asked to load archived keys instead of generating new ones.
        // The debug lines below log these flags and the user status only; the password is not logged.
        boolean usekeyrecovery = globalConfigurationSession.getCachedGlobalConfiguration(admin).getEnableKeyRecovery();
        log.debug("usekeyrecovery: "+usekeyrecovery);
        boolean savekeys = userdata.getKeyRecoverable() && usekeyrecovery &&  (userdata.getStatus() != UserDataConstants.STATUS_KEYRECOVERY);
        log.debug("userdata.getKeyRecoverable(): "+userdata.getKeyRecoverable());
        log.debug("userdata.getStatus(): "+userdata.getStatus());
        log.debug("savekeys: "+savekeys);
        boolean loadkeys = (userdata.getStatus() == UserDataConstants.STATUS_KEYRECOVERY) && usekeyrecovery;
        log.debug("loadkeys: "+loadkeys);
        int endEntityProfileId = userdata.getEndEntityProfileId();
        EndEntityProfile endEntityProfile = endEntityProfileSession.getEndEntityProfile(admin, endEntityProfileId);
        boolean reusecertificate = endEntityProfile.getReUseKeyRecoveredCertificate();
        log.debug("reusecertificate: "+reusecertificate);

        try {
          GenerateToken tgen = new GenerateToken(authenticationSession, userAdminSession, caAdminSession, keyRecoverySession, signSession);
          // NOTE(review): on the loadkeys path this returns previously archived key material; the
          // gates visible here are the two access rules above plus whatever credential check
          // generateOrKeyRecoverToken performs (it can raise AuthLoginException / AuthStatusException).
          java.security.KeyStore pkcs12 = tgen.generateOrKeyRecoverToken(admin, username, password, caid, keyspec, keyalg, false, loadkeys, savekeys, reusecertificate, endEntityProfileId);
                  final KeyStore retval = new KeyStore(pkcs12, password);
          // Only the first alias is inspected. nextElement() throws NoSuchElementException on an
          // empty keystore and the cast can throw ClassCastException; both land in the
          // catch (Exception) below and become an internal exception.
          final Enumeration<String> en = pkcs12.aliases();
          final String alias = en.nextElement();
                  final X509Certificate cert = (X509Certificate) pkcs12.getCertificate(alias);
                  // Bind the issued certificate to the hard token serial number when one was supplied.
                  if ( (hardTokenSN != null) && (cert != null) ) {
                      hardTokenSession.addHardTokenCertificateMapping(admin,hardTokenSN,cert);                
                  }
                  return retval;
              // The two authentication failures are rethrown untouched so the outer handlers can
              // map them to specific error codes; anything else is reported as an internal error.
              } catch (AuthLoginException e) {
                  throw e;
              } catch (AuthStatusException e) {
                  throw e;
              } catch (Exception e) {
                  throw EjbcaWSHelper.getInternalException(e, logger);
        }
       
       
      }catch(AuthorizationDeniedException ade){
        throw ade;
      } catch (ClassCastException e) {
                throw EjbcaWSHelper.getInternalException(e, logger);
      } catch (EJBException e) {
                throw EjbcaWSHelper.getInternalException(e, logger);
      } catch (AuthStatusException e) {
        // Don't log a bad error for this (user wrong status)
                throw EjbcaWSHelper.getEjbcaException(e, logger, ErrorCode.USER_WRONG_STATUS, Level.DEBUG);
      } catch (AuthLoginException e) {
                // Failed login is reported with LOGIN_ERROR and logged at ERROR level.
                throw EjbcaWSHelper.getEjbcaException(e, logger, ErrorCode.LOGIN_ERROR, Level.ERROR);
      } catch (IllegalKeyException e) {
        // Don't log a bad error for this (user's key length too small)
                throw EjbcaWSHelper.getEjbcaException(e, logger, ErrorCode.ILLEGAL_KEY, Level.DEBUG);
          } catch (RuntimeException e) {  // EJBException, ...
              throw EjbcaWSHelper.getInternalException(e, logger);
            } finally {
                // The transaction log line is written and flushed on every exit path.
                logger.writeln();
                logger.flush();
      }
  }

Examples of org.ejbca.util.IPatternLogger

  // Revokes (or un-revokes, depending on reason) the certificate identified by issuer DN
  // and hexadecimal serial number by delegating to userAdminSession.revokeCert.
  //
  // The CA id is the hashCode of the normalised issuer DN string and is used here only to
  // confirm that the CA exists. No explicit access-rule check is made in this method;
  // presumably userAdminSession.revokeCert enforces authorization for the admin - verify.
  public void revokeCert(final String issuerDN, final String certificateSN, final int reason) throws CADoesntExistsException, AuthorizationDeniedException,
      NotFoundException, EjbcaException, ApprovalException, WaitingForApprovalException, AlreadyRevokedException {
    if (log.isDebugEnabled()) {
      // NOTE(review): issuerDN and certificateSN are caller-supplied and reach the debug log
      // as received, before the caller has been resolved through getAdmin().
      final String debugMsg = "Revoke cert with serial number '"+certificateSN+"' from issuer '"+issuerDN+"' with reason '"+reason+"'.";
      log.debug(debugMsg);
    }
    final IPatternLogger logger = TransactionLogger.getPatternLogger();
    try {
      final Admin admin = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession).getAdmin();
      logAdminName(admin,logger);
      caAdminSession.verifyExistenceOfCA(CertTools.stringToBCDNString(issuerDN).hashCode());
      // The serial number is parsed as base 16. A malformed value raises NumberFormatException,
      // which the RuntimeException handler below reports as an internal exception.
      final BigInteger serialNumber = new BigInteger(certificateSN, 16);
      // Revoke or unrevoke, will throw appropriate exceptions if parameters are wrong, such as
      // trying to unrevoke a certificate that was permanently revoked
      userAdminSession.revokeCert(admin, serialNumber, issuerDN, reason);
    } catch (AuthorizationDeniedException denied) {
      throw denied;
    } catch (FinderException missing) {
      // Only the message is carried over; the original exception is not chained.
      throw new NotFoundException(missing.getMessage());
    } catch (RuntimeException unexpected) {  // EJBException, ClassCastException, ...
      throw EjbcaWSHelper.getInternalException(unexpected, logger);
    } finally {
      logger.writeln();
      logger.flush();
    }
  }

Examples of org.ejbca.util.IPatternLogger

   * @see org.ejbca.core.protocol.ws.common.IEjbcaWS#revokeUser(java.lang.String, int, boolean)
   */
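  // Revokes a user through userAdminSession, optionally deleting the user as well.
  //
  // Order of checks in this method: the user must exist (NotFoundException otherwise), the
  // user's CA must exist, and the caller must hold the CA rule (CAPREFIX + caid). Only then
  // is revokeUser or revokeAndDeleteUser called, selected by deleteUser.
  //
  // NOTE(review): findUser runs before the CA authorization check, so unknown and known
  // usernames produce different failures for a caller without the CA rule, unless findUser
  // enforces its own authorization - confirm.
  public void revokeUser(String username, int reason, boolean deleteUser)
      throws CADoesntExistsException, AuthorizationDeniedException, NotFoundException, AlreadyRevokedException, EjbcaException, ApprovalException, WaitingForApprovalException {

    final IPatternLogger logger = TransactionLogger.getPatternLogger();
    try {
      EjbcaWSHelper ejbhelper = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession);
      Admin admin = ejbhelper.getAdmin();
      logAdminName(admin,logger);

      // check username
      UserDataVO userdata = userAdminSession.findUser(admin,username);
      if (userdata == null) {
        String msg = intres.getLocalizedMessage("ra.errorentitynotexist", username);
        throw new NotFoundException(msg);
      }
      // Check caid
      int caid = userdata.getCAId();
      caAdminSession.verifyExistenceOfCA(caid);
      if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.CAPREFIX +caid)) {
        Authorizer.throwAuthorizationException(admin, AccessRulesConstants.CAPREFIX +caid, null);
      }
      if (deleteUser) {
        userAdminSession.revokeAndDeleteUser(admin,username,reason);
      } else {
        userAdminSession.revokeUser(admin,username,reason);
      }
    } catch (AuthorizationDeniedException e) {
      throw e;
    } catch (FinderException e) {
      // The closing brace of the preceding handler was missing in the listing, which left
      // this catch clause syntactically inside it.
      // Only the message is carried over; the original exception is not chained.
      throw new NotFoundException(e.getMessage());
    } catch (RemoveException e) {
      throw EjbcaWSHelper.getInternalException(e, logger);
    } catch (RuntimeException e) {  // EJBException, ClassCastException, ...
      throw EjbcaWSHelper.getInternalException(e, logger);
    } finally {
      // The transaction log line is written and flushed on every exit path.
      logger.writeln();
      logger.flush();
    }
  }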

Examples of org.ejbca.util.IPatternLogger

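  /**
   * Marks a user for key recovery by calling {@code userAdminSession.prepareForKeyRecovery}.
   *
   * <p>Steps performed here, in order: key recovery must be enabled in the global
   * configuration, the user must exist, the method returns silently if the user is
   * already marked for recovery, the user's CA must exist, and the caller must hold the
   * CA rule ({@code CAPREFIX + caid}).
   *
   * <p>NOTE(review): {@code findUser} and {@code isUserMarked} run before the CA
   * authorization check, and the already-marked early return leaves the method without
   * reaching that check. If those session calls do not enforce authorization on the admin
   * themselves, the differing outcomes tell a caller without the CA rule whether a
   * username exists and whether it is already marked. Confirm against the session beans.
   *
   * <p>The exit trace line is only reached on the normal path; it is skipped on the early
   * return and when an exception propagates.
   *
   * @see org.ejbca.core.protocol.ws.common.IEjbcaWS#keyRecoverNewest(java.lang.String)
   */
  public void keyRecoverNewest(String username) throws CADoesntExistsException, AuthorizationDeniedException, NotFoundException, EjbcaException, ApprovalException, WaitingForApprovalException {
    log.trace(">keyRecoverNewest");
    final IPatternLogger logger = TransactionLogger.getPatternLogger();
    try {
      EjbcaWSHelper ejbhelper = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession);
      Admin admin = ejbhelper.getAdmin();
      logAdminName(admin,logger);

      // The statement terminator was missing here in the listing.
      boolean usekeyrecovery = globalConfigurationSession.getCachedGlobalConfiguration(admin).getEnableKeyRecovery();
      if (!usekeyrecovery) {
        throw EjbcaWSHelper.getEjbcaException("Keyrecovery have to be enabled in the system configuration in order to use this command.",
                                        logger, ErrorCode.KEY_RECOVERY_NOT_AVAILABLE, null);
      }
      UserDataVO userdata = userAdminSession.findUser(admin, username);
      if (userdata == null) {
        String msg = intres.getLocalizedMessage("ra.errorentitynotexist", username);
        throw new NotFoundException(msg);
      }
      if (keyRecoverySession.isUserMarked(admin, username)) {
        // User is already marked for recovery.
        return;
      }
      // check CAID
      int caid = userdata.getCAId();
      caAdminSession.verifyExistenceOfCA(caid);
      if (!authorizationSession.isAuthorizedNoLog(admin, AccessRulesConstants.CAPREFIX + caid)) {
        Authorizer.throwAuthorizationException(admin, AccessRulesConstants.CAPREFIX + caid, null);
      }

      // Do the work, mark user for key recovery
      userAdminSession.prepareForKeyRecovery(admin, userdata.getUsername(), userdata.getEndEntityProfileId(), null);
    } catch (RuntimeException e) {  // EJBException, ...
      throw EjbcaWSHelper.getInternalException(e, logger);
    } finally {
      // The transaction log line is written and flushed on every exit path.
      logger.writeln();
      logger.flush();
    }
    log.trace("<keyRecoverNewest");
  }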

Examples of org.ejbca.util.IPatternLogger

   * @see org.ejbca.core.protocol.ws.common.IEjbcaWS#revokeToken(java.lang.String, int)
   */
  // Web-service entry point for revoking a hard token: resolves the calling administrator
  // and delegates to the four-argument revokeToken overload, which does the actual work.
  //
  // For the three checked failures caught here the exception text is stored under
  // TransactionTags.ERROR_MESSAGE and the exception is rethrown unchanged; a
  // RuntimeException is converted through EjbcaWSHelper.getInternalException. Authorization
  // is not checked in this wrapper; presumably the overload enforces it - verify there.
  public void revokeToken(String hardTokenSN, int reason)
  throws CADoesntExistsException, AuthorizationDeniedException, NotFoundException, AlreadyRevokedException, EjbcaException, ApprovalException, WaitingForApprovalException {
    EjbcaWSHelper ejbhelper = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession);
    final IPatternLogger logger = TransactionLogger.getPatternLogger();
    try {
      // Resolved inside the try so that a failure in getAdmin() still produces a log line.
      final Admin caller = ejbhelper.getAdmin();
      revokeToken(caller, hardTokenSN, reason, logger);
    } catch (CADoesntExistsException caMissing) {
      logger.paramPut(TransactionTags.ERROR_MESSAGE.toString(), caMissing.toString());
      throw caMissing;
    } catch (AuthorizationDeniedException denied) {
      logger.paramPut(TransactionTags.ERROR_MESSAGE.toString(), denied.toString());
      throw denied;
    } catch (NotFoundException notFound) {
      logger.paramPut(TransactionTags.ERROR_MESSAGE.toString(), notFound.toString());
      throw notFound;
    } catch (RuntimeException unexpected) {  // EJBException, ...
      throw EjbcaWSHelper.getInternalException(unexpected, logger);
    } finally {
      logger.writeln();
      logger.flush();
    }
  }

Examples of org.ejbca.util.IPatternLogger

  /**
   * Looks up the revocation status of a certificate identified by issuer DN and
   * hexadecimal serial number.
   *
   * <p>The CA id is the {@code hashCode} of the normalised issuer DN string. The CA must
   * exist and the caller must hold the CA rule ({@code CAPREFIX + caid}) before the
   * certificate store is queried. Returns {@code null} when the store returns no status.
   *
   * <p>A serial number that is not valid base-16 text raises {@code NumberFormatException},
   * which the {@code RuntimeException} handler reports as an internal exception.
   *
   * @see org.ejbca.core.protocol.ws.common.IEjbcaWS#checkRevokationStatus(java.lang.String, java.lang.String)
   */
  public RevokeStatus checkRevokationStatus(String issuerDN, String certificateSN) throws CADoesntExistsException, AuthorizationDeniedException, EjbcaException {
    final IPatternLogger logger = TransactionLogger.getPatternLogger();
    try {
      final Admin admin = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession).getAdmin();
      logAdminName(admin,logger);

      // The caller has to be authorized to the issuing CA before any status is disclosed.
      final int caid = CertTools.stringToBCDNString(issuerDN).hashCode();
      caAdminSession.verifyExistenceOfCA(caid);
      final String caRule = AccessRulesConstants.CAPREFIX +caid;
      if (!authorizationSession.isAuthorizedNoLog(admin, caRule)) {
        Authorizer.throwAuthorizationException(admin, caRule, null);
      }

      final BigInteger serialNumber = new BigInteger(certificateSN,16);
      final CertificateStatus status = certificateStoreSession.getStatus(issuerDN, serialNumber);
      return (status == null) ? null : new RevokeStatus(status, issuerDN, certificateSN);
    } catch (AuthorizationDeniedException denied) {
      throw denied;
    } catch (DatatypeConfigurationException badConfig) {
      throw EjbcaWSHelper.getInternalException(badConfig, logger);
    } catch (RuntimeException unexpected) {  // EJBException, ClassCastException, ...
      throw EjbcaWSHelper.getInternalException(unexpected, logger);
    } finally {
      logger.writeln();
      logger.flush();
    }
  }

Examples of org.ejbca.util.IPatternLogger

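  /**
   * Reports whether the calling administrator is authorized to the given resource.
   *
   * <p>The answer comes from {@code authorizationSession.isAuthorized}. An
   * {@code AuthorizationDeniedException} raised while resolving the admin or evaluating
   * the rule is turned into {@code false}, so the method fails closed. A
   * {@code RuntimeException} is converted through
   * {@code EjbcaWSHelper.getInternalException} rather than being reported as a denial.
   *
   * <p>The {@code resource} string is caller-supplied and is passed to the authorization
   * session as received.
   *
   * @param resource the access rule to test
   * @return {@code true} if the authorization session grants the rule, {@code false} if
   *         it denies it or an {@code AuthorizationDeniedException} is raised
   * @throws EjbcaException on unexpected runtime failures
   * @see org.ejbca.core.protocol.ws.common.IEjbcaWS#isAuthorized(java.lang.String)
   */
  @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
  public boolean isAuthorized(String resource) throws EjbcaException{
    final IPatternLogger logger = TransactionLogger.getPatternLogger();
    try {
      final EjbcaWSHelper ejbhelper = new EjbcaWSHelper(wsContext, authorizationSession, caAdminSession, certificateProfileSession, certificateStoreSession, endEntityProfileSession, hardTokenSession, userAdminSession);
      final Admin admin = ejbhelper.getAdmin();
      logAdminName(admin,logger);
      // The statement terminator was missing here in the listing.
      return authorizationSession.isAuthorized(admin, resource);
    } catch (AuthorizationDeniedException ade) {
      // Denial is the answer, not an error: report "not authorized".
      return false;
    } catch (RuntimeException e) {  // EJBException, ClassCastException, ...
      throw EjbcaWSHelper.getInternalException(e, logger);
    } finally {
      // The transaction log line is written and flushed on every exit path.
      logger.writeln();
      logger.flush();
    }
  }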

Examples of org.ejbca.util.IPatternLogger

      admin = ejbhelper.getAdmin();
    }
   
    final ArrayList<UserDataSourceVOWS> retval = new ArrayList<UserDataSourceVOWS>();
   
        final IPatternLogger logger = TransactionLogger.getPatternLogger();
        logAdminName(admin,logger);
        try {
      final ArrayList<Integer> userDataSourceIds = new ArrayList<Integer>();
      {
          final Iterator<String> iter = userDataSourceNames.iterator();
          while(iter.hasNext()){
              final String name = iter.next();
              final int id = userDataSourceSession.getUserDataSourceId(admin, name);
            if(id != 0){
                  userDataSourceIds.add(Integer.valueOf(id));
              }else{
                  log.error("Error User Data Source with name : " + name + " doesn't exist.");
              }
          }
      }
      {
          final Iterator<UserDataSourceVO> iter = userDataSourceSession.fetch(admin, userDataSourceIds, searchString).iterator();
          while(iter.hasNext()){
              UserDataSourceVO next = iter.next();
              retval.add(new UserDataSourceVOWS(ejbhelper.convertUserDataVO(admin, next.getUserDataVO()),next.getIsFieldModifyableSet()));
          }
      }
        } catch (RuntimeException e) {  // EJBException, ClassCastException, ...
            throw EjbcaWSHelper.getInternalException(e, logger);
        } finally {
            logger.writeln();
            logger.flush();
        }
        return retval;
  }   